On 08/15/2016 11:12 AM, Martin Schlander wrote:
Mandag den 15. august 2016 09:44:29 skrev Anton Aylward:
As for "crippling a little bit", I think you still fail to understand. Its not about 'crippling", and certainly not "a little bit". its about "completely removing the ability" for an ordinary user to shut down or kill another user's processes. AT ALL. IN ANY WAY WHAT SO EVER.
You seem to fail to understand that
Sorry, that is not the case. You haven't read what I wrote.
1) Even with this crippling the ordinary user can still shut down the system using kshutdown if he starts kshutdown by running the kshutdown executable directly instead of using the .desktop file to start kshutdown.
You haven't read what I wrote - specifically on this, or in general. Regular readers will now that I'm quite happy to deal with matters on a CLI level rather than just press icons, and as ian goes on to mention a screen in systemsetting, what's "under the hood" for KDE & KDM, and I presume there is similar consideration for the Gnome style desktops, ultimately leads to 'systemctl'. This is a systemd based version of Linux, after all! If you allow the user access to systemctl. or any of its aliases (see the man pages that I've referred to in past postings) or any of the things that symlink to it (ibid) and don't strap those down with some soft of access control (restrict execution, remove from a chroot'd environment, use polkit, use the system capabilities restrictions on user & user child processes) then yes, the user can do a shutdown by other means that kshutdown. I really don't understand why you're obsessing about kshutdown when its just an artefact of the way - one way - that KDE can be configured, when other DMs exist. Look under the hood. Shutting down the system is about communicating with the init process, and that might merely involve the system bus. probably something like this: qdbus org.kde.ksmserver /KSMServer org.kde.KSMServerInterface.logout -1 -1 -1 Well if you want a simple logout qdbus org.kde.ksmserver /KSMServer logout 0 0 0 But since you're so obsessed with kshutdown, you probably haven't notices such things. never mind the option on the panel geko popup men or the option on the login screen. Which, hey don't you know, all end up, "under the hood", doing pretty much the same thing and ending up with system controls one way or another.
2) Out of the box an ordinary user can shut down the system in dozens of different ways besides kshutdown. So what is gained by crippling the kshutdown package? Nothing.
Its not about "crippling", its about disabling PROPERLY the underlying mechanism. If you're unfamiliar with such things as polkit and capabilities, start with the man pages then google around a bit. maybe you can come out of this meal cul-de-sac of obsessing about kshutdown you have. Anyway, I'm glad you are finally admitting that there are other ways to shut down the system. Any reasonable sysadmin, and especially those running multi-user systems, will know of these, and, as I say, also know about polkit, chroot, and capabilities, and use this to disable - not cripple - those other avenues of disruption. -- wind catches lily scatt'ring petals to the wind segmentation fault -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org